General
-
Target
8cb5d7598191b2815203e784b2933353f1240f521e1d060e2e5b20fc84854667
-
Size
267KB
-
Sample
221129-gexppsah72
-
MD5
49987a1831feb1155b7e5a5e49e4cdf0
-
SHA1
50b7687e3b81e6625d80f5db6c138c1d9f2470e4
-
SHA256
8cb5d7598191b2815203e784b2933353f1240f521e1d060e2e5b20fc84854667
-
SHA512
7abfe5630a8990dcea3a8e2a4d7ab44e12af426955e4b6b6148e5d4e083ea42b40824200bd017c7e990c66ee3434d8961799c79d340b43eebfd0d3969917b192
-
SSDEEP
6144:Quw24+Z6MLeqy56iS84cE0W1ay0jlup+xeiXRu0IZxfSs:QuLm6iSYW1rculqRaZQ
Malware Config
Targets
-
-
Target
8cb5d7598191b2815203e784b2933353f1240f521e1d060e2e5b20fc84854667
-
Size
267KB
-
MD5
49987a1831feb1155b7e5a5e49e4cdf0
-
SHA1
50b7687e3b81e6625d80f5db6c138c1d9f2470e4
-
SHA256
8cb5d7598191b2815203e784b2933353f1240f521e1d060e2e5b20fc84854667
-
SHA512
7abfe5630a8990dcea3a8e2a4d7ab44e12af426955e4b6b6148e5d4e083ea42b40824200bd017c7e990c66ee3434d8961799c79d340b43eebfd0d3969917b192
-
SSDEEP
6144:Quw24+Z6MLeqy56iS84cE0W1ay0jlup+xeiXRu0IZxfSs:QuLm6iSYW1rculqRaZQ
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Sets service image path in registry
-
Deletes itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-